350 likes | 514 Views
Header Space Analysis: Static Checking For Networks . Peyman Kazemian (Stanford University) George Varghese (UCSD, Yahoo Labs) Nick McKeown (Stanford University) November 7 th , 2012 IRTF. Motivation. It is hard to understand and reason about end-to-end behavior of networks:
E N D
Header Space Analysis: Static Checking For Networks Peyman Kazemian (Stanford University) George Varghese(UCSD, Yahoo Labs) Nick McKeown (Stanford University) November 7th, 2012 IRTF
Motivation • It is hard to understand and reason about end-to-end behavior of networks: • Can host A talk to host B? • What are all the packet headers from A that can reach B? • Are there any loops or black holes in the network? • Is Slice X isolated totally from Slice Y? • What will happen if I remove an entry from a router?
Motivation • There are two reason for this complexity: • Networks are getting larger. • Network functionality becoming more complex. • Firewalls, ACLs and deep packet inspection MBs. • VLAN and inter-VLAN routing. • Encapsulation (MPLS, GRE). • ToS-based routing. • nondeterministic routing. Application Transport Internet Access
Looking at the other fields Communication Systems: De- Modulation D S Frequency Modulation Antenna Amplifier Antenna Band Pass Filter Cos(wt) Cos(wt)
Header Space Analysis A simple abstraction to model all kinds of forwarding functionalities regardless of specific protocols and implementations.
Header Space FrameworkSimple Observation: a packet is a point in the space of possible headers and a box is a transformer on that space.
Header Space Framework • Step 1 - Model packet header as a point in {0,1}L space – The Header Space Header Data 01110011…1 0xxxx0101xxx L
Header Space Framework • Step 2 – Model all networking boxes as transformer of header space 1101..00 3 Transfer Function: Packet Forwarding 1 1110..00 2 Match Action + + 0xx1..x1 11xx..0x Send to port 3 Rewrite with 1xx011..x1 Send to port 2 Rewrite with 1x01xx..x1
Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (h,1)if dst_ip(h) = 172.24.74.x T(h, p) = (h,2) if dst_ip(h) = 172.24.128.x (h,3) if dst_ip(h) = 171.67.x.x
Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (dec_ttl(h),1)if dst_ip(h) = 172.24.74.x T(h, p) = (dec_ttl(h),2) if dst_ip(h) = 172.24.128.x (dec_ttl(h),3) if dst_ip(h) = 171.67.x.x
Header Space Framework • Example: Transfer Function of an IPv4 Router • 172.24.74.0 255.255.255.0 Port1 • 172.24.128.0 255.255.255.0 Port2 • 171.67.0.0 255.255.0.0 Port3 1 2 3 (rw_mac(dec_ttl(h),next_mac) , 1) if dst_ip(h) = 172.24.74.x T(h, p) = (rw_mac(dec_ttl(h),next_mac) , 2) if dst_ip(h) = 172.24.128.x (rw_mac(dec_ttl(h),next_mac) , 3) if dst_ip(h) = 171.67.x.x
Example Rules: • FWD & RW: rewrite bits 0-2 with value 101 • (h & 000111…) | 101000… • Encapsulation: encap packet in a 1010 header. • (h >> 4) | 1010…. • Decapsulation: decap 1010xxx… packets • (h << 4) | 000…xxxx • Load Balancing: • LB(h,p) = {(h,P1),…(h,Pn)}
Header Space Framework • Properties of transfer functions • Composable: • Invertible: R1 R2 R3 T1(h, p) T3(h, p) T2(h, p) Domain (input) Range (output)
Header Space Framework • Step 3 - Develop an algebra to work on these spaces. • Every object in Header Space, can be described by union of Wildcard Expressions. • We want to perform the following set operations on wildcard expressions: • Intersection • Complementation • Difference
Header Space Framework • Finding Intersection: • Bit by bit intersect using intersection table: • Example: • If result has any ‘z’, then intersection is empty: • Example: • See the paper for how to find complement and difference.
Use Cases of Header Space FrameworkThese are only some example use cases that we developed so far…
Use Cases • Can host A talk to B? All Packets that A can use to communicate with B A T-11 Box 1 Box 2 T2(T1(X,A)) T-12 T-11 T1(X,A) T4(T1(X,A)) T-14 T-13 Box 4 Box 3 B T-13 T3(T2(T1(X,A)) U T3(T4(T1(X,A))
Use Cases • Is there a loop in the network? • Inject an all-x text packet from every switch-port • Follow the packet until it comes back to injection port T1(X,P) Box 2 T2(T1(X,P)) T-12 Box 1 T-13 T-11 Box 3 T-14 Original HS Returned HS T3(T2(T1(X,P))) Box 4 T4(T3(T2(T1(X,P))))
Use Cases • Is the loop infinite? Finite Loop Infinite Loop ?
Use Cases • Are two slices isolated? • What do we mean by slice? • Fixed Slices: VLAN slices • Programmable Slices: slices created by FlowVisor • Why do we care about isolation? • Banks: for added security. • Healthcare: to comply with HIPAA. • GENI: to isolate different experiments running on the same network.
Use Cases • Are two slices isolated? • 1) slice definitions don’t intersect. • 2) packets do not leak. Box 2 Box 1 Box 3 Box 4
Header Space Framework • A Powerful General Foundation that gives us • A common model for all packets • Header Space. • A unified view of almost all type of boxes. • Transfer Function. • A powerful interface for answering different questions about the network. • T(h,p) and T-1(h,p) • Set operations on Header Space
Implementation • Header Space Library (Hassel) • Written in Python and C. • Implements Header SpaceClass • Set operations • Implements Transfer Function Class • T and T-1 • Implements Reachability, Loop Detection and Slice Isolation checks. • < 50 lines of code • Includes a Cisco IOS parser, Juniper Junos Parser and OpenFlow table dump parser. • Generates transfer function from CLI output. • Keeps the mapping from Transfer function rule to line number in the CLI output. • Publicly available: git clone https://bitbucket.org/peymank/hassel-public.git
Stanford backbone network ~750K IP fwd rule. ~1.5K ACL rules. ~100 Vlans. Vlan forwarding.
Stanford backbone network • Loop detection test – run time < 10 minutes on a single laptop. Vlan RED Spanning Tree Vlan BLUE Spanning Tree
Performance Performance result for Stanford Backbone Network on a single machine: 4 core, 4GB RAM.
Next Steps • Automatic Test Packet Generation (To appear in CoNEXT 2012). • Uses HSA model to Generate minimum number of test packets to maximally cover all the “rules” in the network. (Data Plane Testing) • One error detected, find the location of error in data plane. • NetPlumber: Real Time Network Policy Checker. • A tool to run HSA-style checks in real time by incrementally updating results as network changes. • Achieve on average, sub-ms run time per update for checking more than 2500 pairwise reachability checks on Google WAN.
Summary • Introduced Header Space Analysis As • A common model for all packets (Header Space). • A unified view of almost all type of boxes. (Transfer Function.) • A powerful interface for answering different questions about the network. (T, T-1, Header Space Set Algebra) • Showed that direct implementation of HSA algorithms scales well to enterprise-size networks.
ThankYou! Questions?